A security loophole in iOS 4.1 (as well as the 4.2 beta, apparently) allows unauthorized access to the iPhone's contacts, phone functionality, emails and MMS. Spotted by MacRumors forum members, the exploit is straightforward: from the iPhone 4 lockscreen, hit "Emergency Call", type in a random number and initiate the call, and then press the sleep key as soon as the end-call button appears on-screen. That automatically takes you to the handset's contact list.
From that list, it's possible to browse all the contacts, as well as share their details via email or MMS (though not access the general inbox of either). From that email, you can also browse the photo gallery (as if choosing an attachment).
Apple is yet to comment on the exploit, but we imagine their technical team will be hard at work coming up with a fix for it. Still, until that's released, we'd recommend taking some care with where you leave your iPhone, even if you've got the lock enabled.